def test_process_ldapquery():
    """Check ``ldapquery`` and ``mapping`` validation of LDAP search settings.

    Covers rejection of a missing query and of an unknown scope, the
    ``filter`` key of a validated query, and the LDAP attributes and role
    names that ``mapping`` reports for a rule.
    """
    from ldap2pg.validators import mapping, ldapquery, parse_scope

    # None is not an acceptable query.
    with pytest.raises(ValueError):
        ldapquery(None)

    query = {'base': 'dc=unit', 'scope': parse_scope('sub'), 'attribute': 'cn'}
    checked = ldapquery(query)
    assert 'filter' in checked

    # A scope that is not a recognised value is refused.
    with pytest.raises(ValueError):
        ldapquery(dict(query, scope='unkqdsfq'))

    # Static name combined with a name_attribute: the attribute is collected
    # for the search and both forms appear in the role's names.
    rule = {
        'role': {'name': 'static', 'name_attribute': u'sAMAccountName'},
        'ldap': {'base': 'o=acme'},
    }
    checked = mapping(rule)
    assert checked['ldap']['attributes'] == ['sAMAccountName']
    first_role = checked['roles'][0]
    assert 'names' in first_role
    assert '{sAMAccountName}' in first_role['names']
    assert 'static' in first_role['names']
    assert 'role_attribute' not in first_role

    # The attribute referenced by a name template is collected as well.
    rule = {'role': {'name': '{cn}'}, 'ldap': {'base': 'o=acme'}}
    checked = mapping(rule)
    assert checked['ldap']['attributes'] == ['cn']

    # A role given as a plain static name next to an ldap section is refused.
    static_with_ldap = {'role': 'static', 'ldap': {'base': 'dc=lol'}}
    with pytest.raises(ValueError):
        mapping(static_with_ldap)
def test_process_mapping_ldap_join():
    """Check that a dotted ``name_attribute`` yields joins on the search.

    The rule uses ``member.sAMAccountName`` as the name attribute and
    ``{cn.lower()}`` in the comment template; the validated ``ldapsearch``
    is expected to carry non-empty ``joins`` and to list ``cn`` among its
    attributes.
    """
    from ldap2pg.validators import mapping

    rule = {
        'ldapsearch': {},
        'role': {
            'name_attribute': 'member.sAMAccountName',
            'comment': 'from {cn.lower()}',
        },
    }
    search = mapping(rule)['ldapsearch']

    assert search['joins']
    assert 'cn' in search['attributes']
def test_process_mapping_ldap_compat_unexpected_dn():
    """Check handling of ``on_unexpected_dn`` given on a role.

    A value set on the single role is expected under the ``ldap`` key of the
    validated mapping. Two roles of one rule that disagree on the value must
    make ``mapping`` raise ``ValueError``.
    """
    from ldap2pg.validators import mapping

    single_role = {
        'ldap': {},
        'role': {'name': '{cn}', 'on_unexpected_dn': 'ignore'},
    }
    checked = mapping(single_role)

    assert checked['ldap']['on_unexpected_dn'] == 'ignore'
    # NOTE(review): other tests in this module index v['roles'][0]; if
    # 'roles' is a list of dicts here too, this membership test compares the
    # string with the role dicts and cannot fail. Confirm whether
    # checked['roles'][0] was intended.
    assert 'on_unexpected_dn' not in checked['roles']

    # Conflicting policies inside one rule are refused.
    conflicting = {
        'ldap': {},
        'roles': [
            {'name': '{cn}', 'on_unexpected_dn': 'ignore'},
            {'name': '{member}', 'on_unexpected_dn': 'fail'},
        ],
    }
    with pytest.raises(ValueError):
        mapping(conflicting)
def test_mapping_refuse_static_rules_when_ldap():
    """Check that static names are refused in a rule that has an LDAP search.

    For both a ``roles`` list and a ``grant`` section, the rule validates
    while every name is a template, and raises ``ValueError`` once a plain
    ``'static'`` name is appended.
    """
    from ldap2pg.validators import mapping

    # Role rule: template-only names are accepted.
    rule = {'ldap': {'base': "toto"}, 'roles': ["{cn}"]}
    # dict.copy() is shallow, so the nested list is shared with ``rule``.
    # NOTE(review): the append below presumes mapping() left that list
    # untouched - confirm.
    assert mapping(rule.copy())

    rule['roles'].append('static')
    with pytest.raises(ValueError):
        mapping(rule)

    # Grant rule: same expectation for the roles a privilege is granted to.
    rule = {
        'ldap': {'base': "toto"},
        'grant': {'roles': ["{cn}"], 'privilege': "ro"},
    }
    assert mapping(rule.copy())

    rule['grant']['roles'].append('static')
    with pytest.raises(ValueError):
        mapping(rule)
def test_process_mapping_grant():
    """Smoke test: a grant-only rule validates without raising.

    The returned value is not inspected; the test only fails if ``mapping``
    raises.
    """
    from ldap2pg.validators import mapping

    grant_only = {'grant': {'privilege': 'ro', 'role': 'alice'}}
    mapping(grant_only)